PCI-DSS Compliance Protects Your Customers and Your Business from Security Risk
As e-commerce has gained popularity across the globe, so have the instances of cybercrime that have resulted in stolen financial and personal information for millions of consumers. And while it is a popular perception that the risk is highest for large corporations and retailers – fueled by recent media reports of data breaches at such well-known businesses as Michaels, Sony, Target, Walgreen’s and Marshalls – Trustwave internet security and compliance experts report that more than 93 percent of security compromises involve small merchants.
 
PCI-DSS Compliance…a must-have for your business
Whether you are handling your customers’ financial information in-house or contracting with a third-party or proprietary website to handle credit card purchases and returns, maintaining PCI-DSS compliant processes is a must for protecting your customers from security risks.
 
The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide information security standard created to help all organizations that process credit card payments increase controls around cardholder data and prevent credit card fraud. PCI-DSS was assembled by the Payment Card Industry Security Standards Council (PCI SSC), an independent body created in 2006 by the major payment card brands (Visa, MC, AX and Discover). Its task is to manage the ongoing evolution of the PCI security standards, with a focus on improving payment account security throughout the transaction process.
 
In other words, if any customer of an organization ever pays the merchant directly using a credit or debit card, then the PCI-DSS requirements apply. The PCI Data Security Standard (PCI-DSS) can be found at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtm.
 
To ensure compliance, merchants are required to complete an assessment against the PCI-DSS standard annually. Organizations handling large volumes of card transactions must have their compliance assessed by an independent assessor, known as a Qualified Security Assessor (QSA). Companies handling smaller volumes have the option of self-certification via a self-assessment questionnaire. In some instances these questionnaires still require sign-off by a QSA before submission.
 
To maintain PCI-DSS compliance, organizations must meet the following requirements:
• install and maintain a firewall configuration to protect cardholder data;
• avoid using vendor-supplied defaults for system passwords and other security parameters;
• protect stored cardholder data;
• encrypt transmission of cardholder data across open, public networks;
• use and regularly update anti-virus software on all systems commonly affected by malware;
• develop and maintain secure systems and applications;
• restrict access to cardholder data by business need-to-know;
• assign a unique ID to each person with computer access;
• restrict physical access to cardholder data;
• track and monitor all access to network resources and cardholder data;
• test security systems and processes regularly; and
• maintain a policy that addresses information security.
 
Protect your company and your customers from security threats
Just as you should complete due diligence and background checks before selecting employees who have access to important customer information, you should be diligent in your process of selecting an external, off-site vendor to maintain, process and transmit that information.
 
Specifically, these services include:
• Managed web hosting – You prepare and manage the content, but a third party takes care of credit card data;
• Online shopping carts – Payment details are taken through your website, but sent to a third party for processing; and
• 100 percent “redirect” model – You don’t have any responsibility to transmit, process or store cardholder data.

Before entering into a verbal or written contract with a third-party processor, make sure to ask whether the company’s system is compliant, and how long it has been since it was last tested. Ask to see their QSA PCI report to confirm that the specific services you are seeking are verified compliant in that report. Or, ask to have their system tested as part of the contract terms. If they refuse, seek another service provider.
 
Avoid costly penalties with PCI-DSS compliance
There are stiff penalties for non-compliance. The specific credit card company may, at its discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The bank will most likely pass this fine down the chain until it eventually reaches the merchant.
 
Furthermore, the bank will most likely either terminate your relationship or increase your transaction fees. Penalties are not openly discussed nor widely publicized, but they can be extremely detrimental to a small company. In addition to possible fines, the loss of business from consumers affected by a security breach could prove fatal to a business’s reputation and future viability.
 
Innovative Fulfillment Solutions (IFS) understands the importance of keeping our clients’ customers’ personal and financial information secure. The company complies with the latest PCI-DSS standards for processing your customers’ credit cards securely, including security management, policies, procedures, network architecture, software design and other critical protective measures intended to proactively protect customer account data.